
Aidantwoods

#44108 of 53,635
Total CVSS: 6.1
Vulnerabilities: 1
PT-2018-9333
CVSS: 6.1
Published: 2018-04-18
Erusev · Parsedown · CVE-2018-1000162
**Name of the Vulnerable Software and Affected Versions**

Parsedown versions prior to 1.7.0

**Description**

The issue is a Cross-Site Scripting (XSS) vulnerability in the `setMarkupEscaped` function, which is used to escape HTML, and it can result in JavaScript code execution. It can be exploited via specially crafted markdown that bypasses the HTML escaping by breaking Abstract Syntax Tree (AST) boundaries.

**Recommendations**

For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `setMarkupEscaped` function until a patch is available, and avoid processing specially crafted markdown that can break AST boundaries in the affected function until the issue is resolved.